From the course: Learning the OWASP Top 10
Insecure design
- [Instructor] The fourth item in the 2021 OWASP Top 10 is a new one, insecure design. OWASP calls it a new category focusing on risks related to design and architectural flaws. Personally, I think this is super exciting. Historically, most of the items in the OWASP Top 10 focus on code-level bug-type vulnerabilities, and this one actually addresses design-level flaw-type vulnerabilities. In some ways, building a web app is like building a house. You can think about bugs in the application as being similar to smaller problems that might affect your house, like a broken dishwasher seal or a light bulb that needs to be replaced. In the grand scheme of things, these are relatively minor problems with straightforward fixes. A design error, however, can be the root cause of a much larger problem. Imagine you're planning to build a house that's going to reside on the side of a hill. If you don't plan for a strong foundation…
Contents
- Broken access control (4m 37s)
- Cryptographic failures (3m)
- Injection (4m 19s)
- Insecure design (2m 58s)
- Security misconfiguration (3m 6s)
- Vulnerable and outdated components (3m 2s)
- Identification and authentication failures (3m 17s)
- Software and data integrity failures (3m 35s)
- Security logging and monitoring failures (3m 17s)
- Server-side request forgery (SSRF) (1m 43s)